ubuntu-docker-images team mailing list archive
-
ubuntu-docker-images team
-
Mailing list archive
-
Message #00560
nginx contains outdated Ubuntu packages
-
To:
rocks@xxxxxxxxxxxxx, sergio.durigan@xxxxxxxxxxxxx, athos.ribeiro@xxxxxxxxxxxxx, carl.csaposs@xxxxxxxxxxxxx, dragomir.penev@xxxxxxxxxxxxx, jose.masson@xxxxxxxxxxxxx, leon.mintz@xxxxxxxxxxxxx, paulo.machado@xxxxxxxxxxxxx, ryan.barry@xxxxxxxxxxxxx, simon.aronsson@xxxxxxxxxxxxx, ubuntu-docker-images@xxxxxxxxxxxxxxxxxxx
-
From:
security-team-toolbox-bot@xxxxxxxxxxxxx
-
Date:
Wed, 17 May 2023 05:16:32 +0000 (UTC)
A scan of this rock shows that it was built with packages from the Ubuntu
archive that have since received security updates. The following lists new
USNs for affected binary packages in each rock revision:
Revision r05915e8f6388 (arm64; channels: 1.22-22.10_beta, 1.22-22.10_edge)
* libwebp7: 6078-1
Revision r071013187f63 (amd64; channels: 1.18-22.04_beta)
* libwebp7: 6078-1
Revision r1a408765de51 (arm64; channels: 1.22-23.04_beta, edge, latest, 1.22-23.04_edge)
* libwebp7: 6078-1
Revision r4033e89b07ab (ppc64le; channels: 1.18-20.04_beta)
* libwebp6: 6078-1
Revision r411a00be243b (ppc64le; channels: 1.18-22.04_beta)
* libwebp7: 6078-1
Revision r4f9c9fee97a7 (s390x; channels: 1.18-20.04_beta)
* libwebp6: 6078-1
Revision r53d9a299c26e (ppc64le; channels: 1.22-22.10_beta, 1.22-22.10_edge)
* libwebp7: 6078-1
Revision r9ac5f9672d44 (amd64; channels: 1.22-22.10_beta, 1.22-22.10_edge)
* libwebp7: 6078-1
Revision r9e84ea428dd9 (s390x; channels: 1.22-23.04_beta, edge, latest, 1.22-23.04_edge)
* libwebp7: 6078-1
Revision ra00ace26f6a2 (ppc64le; channels: 1.22-23.04_beta, edge, latest, 1.22-23.04_edge)
* libwebp7: 6078-1
Revision ra215c3ef10a6 (arm64; channels: 1.18-20.04_beta)
* libwebp6: 6078-1
Revision ra5f776b811c4 (s390x; channels: 1.22-22.10_beta, 1.22-22.10_edge)
* libwebp7: 6078-1
Revision rbeb3008ca05f (arm64; channels: 1.18-22.04_beta)
* libwebp7: 6078-1
Revision rc71583496991 (amd64; channels: 1.22-23.04_beta, edge, latest, 1.22-23.04_edge)
* libwebp7: 6078-1
Revision rccec43af06cc (amd64; channels: 1.18-20.04_beta)
* libwebp6: 6078-1
Revision re33b9c1ca685 (s390x; channels: 1.18-22.04_beta)
* libwebp7: 6078-1
Simply rebuilding the rock will pull in the new security updates and
resolve this. If your rock also contains vendored code, now might be a
good time to review it for any needed updates.
Thank you for your rock and for attending to this matter.
References:
* https://ubuntu.com/security/notices/USN-6078-1/
Follow ups
